15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50

Analysis

max time kernel
101s
max time network
100s
platform
windows10_x64
resource
win10v200722
submitted
28-07-2020 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aksip.bin.exe
Size

344KB
MD5

61506482ddd28756e443b3de05a3b1cf
SHA1

8d7effb5a456289d13f725486a30bed727a01be0
SHA256

15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50
SHA512

18a7178209e6e9edd15e22c97ad15b049370fe457fcec815fe702d75514014460f80326e3a4ae6ca496582467c57398cdb250bf826b76e62bf2c56e1f38efe46

Score

8^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Aksip.bin.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Windows\CurrentVersion\Run	Aksip.bin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Windows\CurrentVersion\Run\TrustedInstaller.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\TrustedInstaller.exe\" -start"	Aksip.bin.exe

Program crash 19 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
740	3940	WerFault.exe	Aksip.bin.exe
388	3940	WerFault.exe	Aksip.bin.exe
1172	3940	WerFault.exe	Aksip.bin.exe
1396	3940	WerFault.exe	Aksip.bin.exe
2732	3940	WerFault.exe	Aksip.bin.exe
3084	3940	WerFault.exe	Aksip.bin.exe
3388	3940	WerFault.exe	Aksip.bin.exe
3800	3940	WerFault.exe	Aksip.bin.exe
3468	3940	WerFault.exe	Aksip.bin.exe
3100	3940	WerFault.exe	Aksip.bin.exe
3920	3940	WerFault.exe	Aksip.bin.exe
1764	3940	WerFault.exe	Aksip.bin.exe
1516	3940	WerFault.exe	Aksip.bin.exe
1996	3940	WerFault.exe	Aksip.bin.exe
412	3940	WerFault.exe	Aksip.bin.exe
812	864	WerFault.exe	TrustedInstaller.exe
1812	864	WerFault.exe	TrustedInstaller.exe
3964	864	WerFault.exe	TrustedInstaller.exe
3076	864	WerFault.exe	TrustedInstaller.exe

Suspicious behavior: EnumeratesProcesses 247 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
388	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe

Executes dropped EXE 1 IoCs

Processes:

TrustedInstaller.exe

pid process

864 TrustedInstaller.exe
Deletes itself 1 IoCs

Processes:

notepad.exe

pid process

1004 notepad.exe

pid	process
864	TrustedInstaller.exe

pid	process
1004	notepad.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Aksip.bin.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000090000000100000054000000305206082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030106082b0601050507030706082b0601050507030206082b0601050507030406082b0601050507030353000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	Aksip.bin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	Aksip.bin.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

description	pid	process
Token: SeRestorePrivilege	740	WerFault.exe
Token: SeBackupPrivilege	740	WerFault.exe
Token: SeDebugPrivilege	740	WerFault.exe
Token: SeDebugPrivilege	388	WerFault.exe
Token: SeDebugPrivilege	1172	WerFault.exe
Token: SeDebugPrivilege	1396	WerFault.exe
Token: SeDebugPrivilege	2732	WerFault.exe
Token: SeDebugPrivilege	3084	WerFault.exe
Token: SeDebugPrivilege	3388	WerFault.exe
Token: SeDebugPrivilege	3800	WerFault.exe
Token: SeDebugPrivilege	3468	WerFault.exe
Token: SeDebugPrivilege	3100	WerFault.exe
Token: SeDebugPrivilege	3920	WerFault.exe
Token: SeDebugPrivilege	1764	WerFault.exe
Token: SeDebugPrivilege	1516	WerFault.exe
Token: SeDebugPrivilege	1996	WerFault.exe
Token: SeDebugPrivilege	412	WerFault.exe
Token: SeDebugPrivilege	3940	Aksip.bin.exe
Token: SeDebugPrivilege	3940	Aksip.bin.exe
Token: SeDebugPrivilege	812	WerFault.exe
Token: SeDebugPrivilege	1812	WerFault.exe
Token: SeDebugPrivilege	3964	WerFault.exe
Token: SeDebugPrivilege	3076	WerFault.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

Aksip.bin.exe

description	pid	process	target process
PID 3940 wrote to memory of 864	3940	Aksip.bin.exe	TrustedInstaller.exe
PID 3940 wrote to memory of 864	3940	Aksip.bin.exe	TrustedInstaller.exe
PID 3940 wrote to memory of 864	3940	Aksip.bin.exe	TrustedInstaller.exe
PID 3940 wrote to memory of 1004	3940	Aksip.bin.exe	notepad.exe
PID 3940 wrote to memory of 1004	3940	Aksip.bin.exe	notepad.exe
PID 3940 wrote to memory of 1004	3940	Aksip.bin.exe	notepad.exe
PID 3940 wrote to memory of 1004	3940	Aksip.bin.exe	notepad.exe
PID 3940 wrote to memory of 1004	3940	Aksip.bin.exe	notepad.exe
PID 3940 wrote to memory of 1004	3940	Aksip.bin.exe	notepad.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

2 geoiptool.com

flow	ioc
2	geoiptool.com

C:\Users\Admin\AppData\Local\Temp\Aksip.bin.exe
"C:\Users\Admin\AppData\Local\Temp\Aksip.bin.exe"
1⤵
- Adds Run key to start application
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 756
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 852
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 884
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 924
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1088
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1064
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1132
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1468
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1684
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1452
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1468
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1664
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1680
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1676
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 1928
2⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe" -start
2⤵
- Executes dropped EXE
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 828
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 856
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 804
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 928
3⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
PID:3076

C:\Windows\SysWOW64\notepad.exe
notepad.exe
2⤵
- Deletes itself
PID:1004

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe

Download Submit
memory/388-6-0x0000000004810000-0x0000000004811000-memory.dmp

Filesize
4KB

Download
memory/388-9-0x0000000004E40000-0x0000000004E41000-memory.dmp

Filesize
4KB

Download
memory/412-102-0x00000000051F0000-0x00000000051F1000-memory.dmp

Filesize
4KB

Download
memory/412-103-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/740-2-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/740-3-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/740-5-0x0000000005450000-0x0000000005451000-memory.dmp

Filesize
4KB

Download
memory/812-118-0x0000000004A20000-0x0000000004A21000-memory.dmp

Filesize
4KB

Download
memory/812-111-0x00000000042F0000-0x00000000042F1000-memory.dmp

Filesize
4KB

Download
memory/864-145-0x0000000000000000-mapping.dmp

Download
memory/864-146-0x0000000000000000-mapping.dmp

Download
memory/864-167-0x0000000000000000-mapping.dmp

Download
memory/864-165-0x0000000000000000-mapping.dmp

Download
memory/864-164-0x0000000000000000-mapping.dmp

Download
memory/864-163-0x0000000000000000-mapping.dmp

Download
memory/864-162-0x0000000000000000-mapping.dmp

Download
memory/864-161-0x0000000000000000-mapping.dmp

Download
memory/864-160-0x0000000000000000-mapping.dmp

Download
memory/864-159-0x0000000000000000-mapping.dmp

Download
memory/864-158-0x0000000000000000-mapping.dmp

Download
memory/864-157-0x0000000000000000-mapping.dmp

Download
memory/864-153-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/864-152-0x0000000000000000-mapping.dmp

Download
memory/864-150-0x0000000000000000-mapping.dmp

Download
memory/864-151-0x0000000000000000-mapping.dmp

Download
memory/864-149-0x0000000000000000-mapping.dmp

Download
memory/864-147-0x0000000000000000-mapping.dmp

Download
memory/864-144-0x0000000000000000-mapping.dmp

Download
memory/864-143-0x0000000000000000-mapping.dmp

Download
memory/864-136-0x0000000000000000-mapping.dmp

Download
memory/864-135-0x0000000000000000-mapping.dmp

Download
memory/864-134-0x0000000000000000-mapping.dmp

Download
memory/864-104-0x0000000000000000-mapping.dmp

Download
memory/864-133-0x0000000000000000-mapping.dmp

Download
memory/864-132-0x0000000000000000-mapping.dmp

Download
memory/864-130-0x0000000000000000-mapping.dmp

Download
memory/864-108-0x0000000000856000-0x0000000000857000-memory.dmp

Filesize
4KB

Download
memory/864-109-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/864-129-0x0000000000000000-mapping.dmp

Download
memory/864-114-0x0000000000000000-mapping.dmp

Download
memory/864-115-0x0000000000000000-mapping.dmp

Download
memory/864-116-0x0000000000000000-mapping.dmp

Download
memory/864-117-0x0000000000000000-mapping.dmp

Download
memory/864-128-0x0000000000000000-mapping.dmp

Download
memory/864-119-0x0000000000000000-mapping.dmp

Download
memory/864-120-0x0000000000000000-mapping.dmp

Download
memory/864-121-0x0000000000000000-mapping.dmp

Download
memory/864-127-0x0000000000000000-mapping.dmp

Download
memory/864-125-0x0000000000000000-mapping.dmp

Download
memory/864-126-0x0000000000000000-mapping.dmp

Download
memory/1004-107-0x0000000000000000-mapping.dmp

Download
memory/1172-10-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

Filesize
4KB

Download
memory/1172-11-0x00000000051E0000-0x00000000051E1000-memory.dmp

Filesize
4KB

Download
memory/1396-14-0x0000000004960000-0x0000000004961000-memory.dmp

Filesize
4KB

Download
memory/1396-12-0x0000000004420000-0x0000000004421000-memory.dmp

Filesize
4KB

Download
memory/1516-94-0x0000000004BC0000-0x0000000004BC1000-memory.dmp

Filesize
4KB

Download
memory/1516-97-0x00000000054F0000-0x00000000054F1000-memory.dmp

Filesize
4KB

Download
memory/1764-92-0x0000000004D00000-0x0000000004D01000-memory.dmp

Filesize
4KB

Download
memory/1764-93-0x0000000005530000-0x0000000005531000-memory.dmp

Filesize
4KB

Download
memory/1812-122-0x0000000004780000-0x0000000004781000-memory.dmp

Filesize
4KB

Download
memory/1812-131-0x0000000004F30000-0x0000000004F31000-memory.dmp

Filesize
4KB

Download
memory/1996-101-0x0000000004A10000-0x0000000004A11000-memory.dmp

Filesize
4KB

Download
memory/1996-98-0x00000000040E0000-0x00000000040E1000-memory.dmp

Filesize
4KB

Download
memory/2732-66-0x0000000004E90000-0x0000000004E91000-memory.dmp

Filesize
4KB

Download
memory/2732-67-0x0000000005280000-0x0000000005281000-memory.dmp

Filesize
4KB

Download
memory/2732-63-0x0000000004A90000-0x0000000004A91000-memory.dmp

Filesize
4KB

Download
memory/3076-166-0x0000000004A20000-0x0000000004A21000-memory.dmp

Filesize
4KB

Download
memory/3076-154-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/3084-71-0x00000000051E0000-0x00000000051E1000-memory.dmp

Filesize
4KB

Download
memory/3084-68-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

Filesize
4KB

Download
memory/3100-89-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

Filesize
4KB

Download
memory/3100-86-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/3388-72-0x00000000047C0000-0x00000000047C1000-memory.dmp

Filesize
4KB

Download
memory/3388-73-0x0000000004D00000-0x0000000004D01000-memory.dmp

Filesize
4KB

Download
memory/3468-85-0x0000000004F60000-0x0000000004F61000-memory.dmp

Filesize
4KB

Download
memory/3468-82-0x0000000004630000-0x0000000004631000-memory.dmp

Filesize
4KB

Download
memory/3800-81-0x00000000051A0000-0x00000000051A1000-memory.dmp

Filesize
4KB

Download
memory/3800-78-0x00000000047F0000-0x00000000047F1000-memory.dmp

Filesize
4KB

Download
memory/3920-90-0x0000000004780000-0x0000000004781000-memory.dmp

Filesize
4KB

Download
memory/3920-91-0x0000000004FB0000-0x0000000004FB1000-memory.dmp

Filesize
4KB

Download
memory/3940-0-0x0000000000946000-0x0000000000947000-memory.dmp

Filesize
4KB

Download
memory/3940-1-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3964-148-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

Filesize
4KB

Download
memory/3964-140-0x0000000004690000-0x0000000004691000-memory.dmp

Filesize
4KB

Download